Spam Offering Hotel Refund Carries Malware

 Analysis by: Chloe Ordonia

From: Reservation Departament; support@preferredhotel.com
Subject: Hotel New York Marriott Marquis made wrong transaction

TrendLabs received spam samples that used the name of a popular hotel chain to lure recipients into claiming a refund. The message body claims that the specified hotel charged the recipient's credit card by mistake. The sender used a domain connected to travel agencies, in an obvious attempt to appear more legitimate to the recipient.

The spammed message then asks the recipient to download and extract the form named Refund_Form.exe and fill out the required information fields in order to receive the so-called refund. The file Refund_Form.exe is verified as malicious and is already detected as TROJ_BREDO.NEW.

Users are advised not to open the attached file or any files attached to suspicious emails received from unknown senders.
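A gateway-side check for this kind of lure, as an added example that is not part of the original advisory: it flags executable attachments by extension or by the DOS/PE `MZ` magic, and also looks inside ZIP attachments, since the message asks the recipient to extract the "form". The function names, the extension list and the archive name `Refund_Form.zip` are assumptions, and the sample message is constructed with an inert stub in place of the real file.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".pif", ".com")  # assumed blocklist, extend as needed

def looks_executable(name, head):
    """Flag by extension or by the 'MZ' magic, so a renamed file is still caught."""
    return name.lower().endswith(EXEC_EXTS) or head[:2] == b"MZ"

def executable_attachments(raw):
    """Return names of executable attachments, including members of ZIP attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if looks_executable(name, data):
            hits.append(name)
        elif zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    head = b""
                    if not info.flag_bits & 0x1:  # encrypted members cannot be read
                        with zf.open(info) as fh:
                            head = fh.read(2)
                    if looks_executable(info.filename, head):
                        hits.append(f"{name}/{info.filename}")
    return hits

def build_sample():
    """Constructed message using the headers quoted above; the payload is inert bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Refund_Form.exe", b"MZ" + b"\x00" * 62)  # harmless stub, not malware
    msg = EmailMessage()
    msg["From"] = "Reservation Departament <support@preferredhotel.com>"
    msg["Subject"] = "Hotel New York Marriott Marquis made wrong transaction"
    msg.set_content("Please fill out the attached refund form.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Refund_Form.zip")  # archive name is an assumption
    return msg.as_bytes()

if __name__ == "__main__":
    print(executable_attachments(build_sample()))
```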

 SPAM BLOCKING DATE / TIME: July 28, 2011 GMT-8
 TMASE INFO
  • ENGINE:6.8
  • PATTERN:8290